Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
571
Views
0
Helpful
6
Replies

two VPN tunnel one for main service one for backup using track command

cisco.xenpak1
Level 1
Level 1

‎08-20-2010 05:48 AM - edited ‎03-04-2019 09:30 AM

Hello together,

want to configure two tunnels over the internet, I just want to get more input, how to solve the problem, that when a tunnel fails, that the traffic will be shifted over to the other tunnel.

Now the problem is, that the loopback is reachable also through the main connection.

I am thinking to use a track command, that allows me something like this

track 10 ip route 10.0.0.100 255.255.255.255 reachabillity (need this but only over a certain interface, in this case the tunnel1)

Otherwise the loopback 10.0.0.100 is also available thrught the main link when the tunnel is working.

using the interface as determination is not working, since the tunnel is (unless the physical link is down) always up.

anyone knows a command to have the track only check the loopback availabillity over a specific interface?

(like an extended ping with a source parameter i.e. ping 10.0.0.100 source interface tunnel1)

thx for the input

regards

Chris

Labels:
0 Helpful
6 Replies 6

Jeremy Buck
Level 1
Level 1

‎08-20-2010 07:11 AM

Hey xenpak,

From what you've posted It sounds like you have a single router with two tunnels of which you want to have one tunnel be primary and the other be secondary. You want to forward traffic over the primary link only until it fails and then you would switch over to the secondary, correct?

Have you considered configuring another loopback on the distant end routers which is only reachable through the tunnel and tracking those addresses?

If that option is not feasible I would look into configuring EOT with boolean logic (Enhanced Object Tracking).That should provide the ultimate flexibility in IP reachability and interface tracking, you can configure boolean logic!!

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fthsrptk.html#wp1045974

Do you control the tunnel endpoints? If so then you can always run your favorite routing protocol over them.

Thanks,

-Jeremy

0 Helpful

cisco.xenpak1
Level 1
Level 1
In response to Jeremy Buck

‎08-21-2010 05:08 AM

Hello Jeremy,

"From what you've posted It sounds like you have a single router with  two tunnels of which you want to have one tunnel be primary and the  other be secondary. You want to forward traffic over the primary link  only until it fails and then you would switch over to the secondary,  correct?"

     That is correct.

Have you considered configuring another loopback on the distant end  routers which is only reachable through the tunnel and tracking those  addresses?

     Yes, this is one solution, but it requires some configuration. One on the destination router to put in another loopback. Than I need to configure also

     that way, that this loopback is only reachbable through this tunnel, ect, ect.


     That is a solution that I tested, and it is working 100% but means a lot to configure on all the routers arround it,

     Therefore I am looking for a easier solution with the tracking going over a specific interface.

You mentionend something about control of the endpoints. Yes, I do have controls over the tunnel endpoints. There are running BGP.

Certainly I will check out the boolean logic and the link you've sent me.

Thx for that one already.

Regards

Chris

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee

‎08-20-2010 08:44 AM

Hi Chris,

Why won't you just track the remote end physical interface's IP?

HTH,

Lei Tian

0 Helpful

cisco.xenpak1
Level 1
Level 1
In response to Lei Tian

‎08-21-2010 05:12 AM

Hi Lei Tian,

than you for your answer.

The reason for this tracking is to ensure, that the tunnel is working.

Tracking a physical interface does not work at all.

Chances that something along the way is not working is much more propable.

The tunnel endpoints facing a larger network over that I have no control.

So even when the link is up with my local connection, it does not mean, that the tunnel is working.

Regards

Chris

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to cisco.xenpak1

‎08-21-2010 06:08 AM

Hi Chris,

Does your IOS support IP SLA with track? Within IP SLA, you can configure the type as ICMPecho, and set the source interface.

HTH,

Lei Tian

0 Helpful

samirshaikh52
Level 2
Level 2
In response to Lei Tian

‎08-21-2010 04:36 PM

You can also the administrative distance if you two routing.Static and dynamic   (BGP Protocol)

Make it Static 120 and BGP 90

This was tested by me and working

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card